Re: Block db access by IP and username

From: vamshi krishna <vamshireddy_1_at_yahoo.co.in>
Date: Tue, 1 Sep 2009 04:15:58 +0530 (IST)
Message-ID: <679388.75149.qm_at_web94502.mail.in2.yahoo.com>



Use this option; it's very efficient.

TCP.EXCLUDED_NODES
Purpose

Use the parameter TCP.EXCLUDED_NODES to specify which clients are denied access to the database.

Syntax

TCP.EXCLUDED_NODES=(hostname | ip_address, hostname | ip_address, ...)

Example

TCP.EXCLUDED_NODES=(finance.us.acme.com, mktg.us.acme.com, 144.25.5.25)    

TCP.INVITED_NODES
Purpose

Use the parameter TCP.INVITED_NODES to specify which clients are allowed access to the database. This list takes precedence over the TCP.EXCLUDED_NODES parameter if both lists are present.

Syntax

TCP.INVITED_NODES=(hostname | ip_address, hostname | ip_address, ...)

Example

TCP.INVITED_NODES=(sales.us.acme.com, hr.us.acme.com, 144.185.5.73)   

TCP.VALIDNODE_CHECKING



From: "Goulet, Richard" <Richard.Goulet_at_parexel.com>
To: gabriel.aragon_at_ge.com; oracle-l_at_freelists.org
Sent: Monday, August 31, 2009 1:00:53 PM
Subject: RE: Block db access by IP and username

"I was thinking about using an after logon trigger to detect username and IP and kill session if it doesn't fit with required values, but I think this is a little bit rude."

No it isn't.

Dick Goulet
Senior Oracle DBA/NA Team Lead
PAREXEL International



From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Aragon, Gabriel (GE, Corporate, consultant)
Sent: Monday, August 31, 2009 3:53 PM
To: oracle-l_at_freelists.org
Subject: Block db access by IP and username

Hi all,  

Long time no checking this list. I have a security question. I need to block access to db by IP and username, let's say that I need that user XXXX can connect ONLY from IP aaa.bbb.ccc.ddd, that is, if user XXXX wants to connect from another IP, access will be denied.

I was thinking about using an after logon trigger to detect username and IP and kill session if it doesn't fit with required values, but I think this is a little bit rude. The other option I verified was using sqlnet.ora configuration but this only filters by IP and I would have to add all possible IPs but doesn't filter users, and this is not what I need.

Any ideas?  

TIA
Gabriel       

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Aug 31 2009 - 17:45:58 CDT
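
The after-logon trigger discussed in this thread could look like the sketch below. It is an added example, not code posted by anyone on the list; the table and trigger names (LOGON_IP_RULES, TRG_RESTRICT_LOGON_IP) are hypothetical and 192.0.2.10 is a constructed placeholder address for user XXXX.

```sql
-- Added example (not from the thread). LOGON_IP_RULES and
-- TRG_RESTRICT_LOGON_IP are hypothetical names; the row inserted
-- below is constructed sample data.

-- One row per (user, permitted client address). A user with no rows
-- is left unrestricted; a user with rows may connect only from them.
CREATE TABLE logon_ip_rules (
  username    VARCHAR2(128) NOT NULL,
  allowed_ip  VARCHAR2(45)  NOT NULL,
  CONSTRAINT logon_ip_rules_pk PRIMARY KEY (username, allowed_ip)
);

INSERT INTO logon_ip_rules (username, allowed_ip)
VALUES ('XXXX', '192.0.2.10');
COMMIT;

CREATE OR REPLACE TRIGGER trg_restrict_logon_ip
AFTER LOGON ON DATABASE
DECLARE
  v_user   VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_ip     VARCHAR2(45)  := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_rules  PLS_INTEGER;
  v_match  PLS_INTEGER;
BEGIN
  -- Count this user's rules and how many of them match the client IP.
  SELECT COUNT(*),
         COUNT(CASE WHEN allowed_ip = v_ip THEN 1 END)
    INTO v_rules, v_match
    FROM logon_ip_rules
   WHERE username = v_user;

  -- IP_ADDRESS is NULL for local (non-TCP) connections, so a
  -- restricted user connecting locally never matches and is refused.
  IF v_rules > 0 AND v_match = 0 THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Logon denied for ' || v_user || ' from ' ||
      NVL(v_ip, 'a local connection'));
  END IF;
END;
/
```

An error raised in a logon trigger does not stop accounts that hold the ADMINISTER DATABASE TRIGGER privilege (the DBA role includes it), so this control applies to ordinary application and end-user accounts only. It complements the sqlnet.ora node lists, which filter by address before authentication and know nothing about the username.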
